PatchSiren

Mono Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Mono Project CVE published 2023-02-22

CVE-2023-26314

CVE-2023-26314 is a HIGH severity vulnerability (CVSS 3.1: 8.8) affecting the Mono package in Debian distributions prior to version 6.8.0.105+dfsg-3.3. The vulnerability stems from the association of the application/x-ms-dos-executable MIME type with an unsandboxed Mono CLR interpreter, enabling arbitrary code execution when a user opens a malicious .NET executable file. The attack vector is network-based [truncated]